Looking back, it is more interesting to consider the risks to resilience that were less effectively addressed in 2023 than those that were dealt with appropriately. At a high level, resilience challenges have changed little in the last few years, with cyber issues arguably being the most common threat and concern. However, the legacy of Covid emerged as a double-edged sword. On the one hand offices, and several other types of premises like classrooms, are no longer critical, making the risk of ‘office denial’ seem outdated. On the other hand, working from home posed a raft of IT security issues, along with concerns about productivity, real human contact and relationships and ‘command and control issues’.
Almost unnoticed, and quietly, a huge change in the balance of power between employer and employee slid into being and few companies took cognisance as to its implications for resilience. In German, the word for employer is Arbeitgeber and employee is Arbeitnehmer. Linguistically, this implies the dominance of the employer who ‘gives work’ and the employee who ‘takes work’ far more than the English version suggests. It seems that the balance of power has shifted considerably towards employees, who now almost need to be enticed, coaxed or coerced into the office. Most job adverts now include specifics on working from home and/or the office. This means there will be a dispersed workforce during the initial stages of any incident. Proficiency on platforms like Teams/Zoom/Google Meet might have significantly improved over Covid but even the best virtual meeting lacks the visceral power of face-to-face meetings in a crisis environment where the inspirational force of personality is vital.
However, there have been new challenges arising from shifts in societal perceptions of risk that many companies might not easily appreciate. Perhaps the main change to risk which has seeped into resiliencies is the conflation of probability with possibility, ‘well it could happen’ statement as opposed to the probability of it occurring. To some extent, this is understandable given the difficulty of achieving any real objective precision in many risk assessments, combined with an increasingly precautionary culture where ‘nothing bad must happen’.
Concurrent with the declining concern over Covid, there has been a shift from focusing on physical quantifiable risks (fire, flood, theft) to a preoccupation with individuals’ experiences. Many of the organisations that we have been involved with have faced what can be considered social issues, which have been equally if not more challenging to their resilience and reputation than traditional risks. It appears that personal inappropriate actions, or views, or statements can be incredibly damaging not to mention deliberate deceit such as falsifying exhaust emissions; according to the New York Times, Volkswagen’s current bill has just passed $20 billion. An analysis, conducted by law firm Fox & Partners, found that bullying claims increased from 581 to 835 between March 2021 and March 2022. The list of public figures or business leaders who have fallen foul of the law, or the judgement of society is long and ranges from authors to business leaders, CFOs, academics, TV personalities, pundits and of course politicians across the political spectrum. The issue is that this threat to resilience is nearly impossible to quantify, forecast, assess or include in any open risk register.
As we move into 2024, we wonder how many other overlooked challenges to resilience we might be considering this time next year. Precious few companies have a Space Weather plan for solar flares or ‘Carrington events’; despite it being on the National Risk Register for over a decade. We wonder how many organisations have a plan for war in Europe. There has been at least one major war every century in Europe since the First Greco-Persian War in 490 BC. Aside from the current conflict, is there any logical reason to think that this pattern will not repeat? Conditional probability and Bayes’ theorem would suggest it is quite likely!